Severity
Medium
Analysis Summary
A new Agent Tesla campaign has been observed targeting victims through malspam. Agent Tesla is known for stealing data from applications on the victim's machine, such as browsers, FTP clients, and file downloaders. It collects personal information from the victim's machine, steals clipboard contents, logs keystrokes, captures screenshots, and can access the victim's webcam. It can also terminate running analysis processes and AV software. The spyware performs basic checks for whether it is running in a virtual machine or under a debugger, in an attempt to hide its capabilities and actions from researchers. All collected data is sent in encrypted form over SMTP.
Impact
- Credential Theft
- Data Exfiltration
- Information Disclosure
Indicators of Compromise
MD5
SHA-256
SHA-1
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
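One way to carry out the "search for IOCs" step above on a file system, as an added example that is not part of the advisory: the script parses an IOC section laid out like this advisory's (an MD5, SHA-256 or SHA-1 heading followed by "- <hash>" lines), hashes every file once for all three algorithms, and reports matches. The sample IOC list and the "flagged" file content are constructed placeholders, not real samples or indicators; paste the advisory's own hashes in their place.

```python
import hashlib
import os
import tempfile
from pathlib import Path
# Hex digest length -> hashlib name for the three hash types the advisory lists.
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}
# Constructed placeholder bytes; their digests form a sample IOC list in the advisory's layout.
PLACEHOLDER_CONTENT = b"constructed placeholder standing in for a flagged file\n"
SAMPLE_IOC_TEXT = "\n".join(
    f"{label}\n- {hashlib.new(algo, PLACEHOLDER_CONTENT).hexdigest()}"
    for label, algo in (("MD5", "md5"), ("SHA-256", "sha256"), ("SHA-1", "sha1")))

def parse_iocs(text: str) -> dict[str, set[str]]:
    """Collect '- <hash>' lines keyed by algorithm, inferred from digest length."""
    iocs = {algo: set() for algo in HEX_LEN_TO_ALGO.values()}
    for line in text.splitlines():
        tok = line.strip().lstrip("- ").lower()  # headings and blank lines fall through
        if len(tok) in HEX_LEN_TO_ALGO and set(tok) <= set("0123456789abcdef"):
            iocs[HEX_LEN_TO_ALGO[len(tok)]].add(tok)
    return iocs

def hash_file(path: Path) -> dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 in one pass over the file."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LEN_TO_ALGO.values()}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def scan_directory(root: str, iocs: dict[str, set[str]]) -> list[tuple[str, str, str]]:
    """Return (path, algorithm, digest) for every file whose digest is an IOC."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable files are skipped, not reported as clean
            hits += [(str(path), a, d) for a, d in digests.items() if d in iocs[a]]
    return hits

def demo() -> list[tuple[str, str, str]]:
    """Scan a temp dir holding one flagged and one benign file (constructed data)."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "flagged.bin").write_bytes(PLACEHOLDER_CONTENT)
        (Path(tmp) / "benign.txt").write_bytes(b"unrelated content\n")
        return scan_directory(tmp, parse_iocs(SAMPLE_IOC_TEXT))
```

Hash matching only catches the exact files listed; a recompiled or repacked sample will not match, so treat a clean scan as absence of these specific indicators rather than absence of the threat.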